9router 0.3.53 → 0.3.55

package/app/src/mitm/dns/dnsConfig.js

@@ -2,6 +2,7 @@ const { exec, spawn } = require("child_process");
 const fs = require("fs");
 const path = require("path");
 const os = require("os");
+const { log, err } = require("../logger");
 
 // Per-tool DNS hosts mapping
 const TOOL_HOSTS = {
@@ -131,7 +132,7 @@ async function addDNSEntry(tool, sudoPassword) {
 
   const entriesToAdd = hosts.filter(h => !checkDNSEntry(h));
   if (entriesToAdd.length === 0) {
-    console.log(`DNS entries for ${tool} already exist`);
+    log(`🌐 DNS ${tool}: already active`);
     return;
   }
 
@@ -139,43 +140,15 @@ async function addDNSEntry(tool, sudoPassword) {
 
   try {
     if (IS_WIN) {
-      const hostsPath = HOSTS_FILE.replace(/'/g, "''");
-      
-      // Build PowerShell script with proper error handling
-      const scriptLines = [];
-      scriptLines.push(`$ErrorActionPreference = 'Stop'`);
-      scriptLines.push(`$hostsPath = '${hostsPath}'`);
-      scriptLines.push(`try {`);
-      scriptLines.push(`  $hostsContent = Get-Content -Path $hostsPath -Raw -ErrorAction SilentlyContinue`);
-      scriptLines.push(`  if (-not $hostsContent) { $hostsContent = '' }`);
-      
-      for (const host of entriesToAdd) {
-        // Escape special regex chars in hostname
-        const escapedHost = host.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
-        scriptLines.push(`  if ($hostsContent -notmatch '${escapedHost}') {`);
-        scriptLines.push(`    Add-Content -Path $hostsPath -Value '127.0.0.1 ${host}' -Encoding UTF8 -ErrorAction Stop`);
-        scriptLines.push(`    Write-Host "Added DNS entry: ${host}"`);
-        scriptLines.push(`  } else {`);
-        scriptLines.push(`    Write-Host "DNS entry already exists: ${host}"`);
-        scriptLines.push(`  }`);
-      }
-      
-      scriptLines.push(`  ipconfig /flushdns | Out-Null`);
-      scriptLines.push(`} catch {`);
-      scriptLines.push(`  Write-Error "Failed to add DNS: $_"`);
-      scriptLines.push(`  exit 1`);
-      scriptLines.push(`}`);
-      
-      const psScript = scriptLines.join("\n");
-      const tmpPs1 = path.join(os.tmpdir(), `mitm_dns_add_${Date.now()}.ps1`);
-      fs.writeFileSync(tmpPs1, psScript, "utf8");
-      
-      await executeElevatedPowerShell(tmpPs1, 30000);
+      // Process already has admin rights — edit hosts file directly
+      const toAppend = entriesToAdd.map(h => `127.0.0.1 ${h}`).join("\r\n") + "\r\n";
+      fs.appendFileSync(HOSTS_FILE, toAppend, "utf8");
+      require("child_process").execSync("ipconfig /flushdns", { windowsHide: true });
     } else {
       await execWithPassword(`echo "${entries}" >> ${HOSTS_FILE}`, sudoPassword);
       await flushDNS(sudoPassword);
     }
-    console.log(`✅ Added DNS entries for ${tool}: ${entriesToAdd.join(", ")}`);
+    log(`🌐 DNS ${tool}: ✅ added ${entriesToAdd.join(", ")}`);
   } catch (error) {
     const msg = error.message?.includes("incorrect password") ? "Wrong sudo password" : "Failed to add DNS entry";
     throw new Error(msg);
@@ -191,43 +164,17 @@ async function removeDNSEntry(tool, sudoPassword) {
 
   const entriesToRemove = hosts.filter(h => checkDNSEntry(h));
   if (entriesToRemove.length === 0) {
-    console.log(`DNS entries for ${tool} do not exist`);
+    log(`🌐 DNS ${tool}: already inactive`);
     return;
   }
 
   try {
     if (IS_WIN) {
+      // Process already has admin rights — edit hosts file directly
       const content = fs.readFileSync(HOSTS_FILE, "utf8");
       const filtered = content.split(/\r?\n/).filter(l => !entriesToRemove.some(h => l.includes(h))).join("\r\n");
-      const tmpFile = path.join(os.tmpdir(), `hosts_filtered_${Date.now()}.tmp`);
-      fs.writeFileSync(tmpFile, filtered, "utf8");
-      
-      const tmpEsc = tmpFile.replace(/'/g, "''");
-      const hostsEsc = HOSTS_FILE.replace(/'/g, "''");
-      
-      // Build PowerShell script with proper error handling
-      const scriptLines = [];
-      scriptLines.push(`$ErrorActionPreference = 'Stop'`);
-      scriptLines.push(`try {`);
-      scriptLines.push(`  Copy-Item -Path '${tmpEsc}' -Destination '${hostsEsc}' -Force -ErrorAction Stop`);
-      scriptLines.push(`  Write-Host "Hosts file updated successfully"`);
-      scriptLines.push(`  ipconfig /flushdns | Out-Null`);
-      scriptLines.push(`  Write-Host "DNS cache flushed"`);
-      scriptLines.push(`  Remove-Item '${tmpEsc}' -ErrorAction SilentlyContinue`);
-      scriptLines.push(`} catch {`);
-      scriptLines.push(`  Write-Error "Failed to remove DNS: $_"`);
-      scriptLines.push(`  Remove-Item '${tmpEsc}' -ErrorAction SilentlyContinue`);
-      scriptLines.push(`  exit 1`);
-      scriptLines.push(`}`);
-      
-      const psScript = scriptLines.join("\n");
-      const tmpPs1 = path.join(os.tmpdir(), `mitm_dns_remove_${Date.now()}.ps1`);
-      fs.writeFileSync(tmpPs1, psScript, "utf8");
-      
-      await executeElevatedPowerShell(tmpPs1, 30000);
-      
-      // Cleanup temp file if still exists
-      try { fs.unlinkSync(tmpFile); } catch { /* ignore */ }
+      fs.writeFileSync(HOSTS_FILE, filtered, "utf8");
+      require("child_process").execSync("ipconfig /flushdns", { windowsHide: true });
     } else {
       for (const host of entriesToRemove) {
         const sedCmd = IS_MAC
@@ -237,7 +184,7 @@ async function removeDNSEntry(tool, sudoPassword) {
       }
       await flushDNS(sudoPassword);
     }
-    console.log(`✅ Removed DNS entries for ${tool}: ${entriesToRemove.join(", ")}`);
+    log(`🌐 DNS ${tool}: ✅ removed ${entriesToRemove.join(", ")}`);
   } catch (error) {
     const msg = error.message?.includes("incorrect password") ? "Wrong sudo password" : "Failed to remove DNS entry";
     throw new Error(msg);
@@ -252,7 +199,7 @@ async function removeAllDNSEntries(sudoPassword) {
     try {
       await removeDNSEntry(tool, sudoPassword);
     } catch (e) {
-      console.log(`[MITM] Warning: failed to remove DNS for ${tool}: ${e.message}`);
+      err(`DNS ${tool}: failed to remove — ${e.message}`);
     }
   }
 }

package/app/src/mitm/logger.js

@@ -0,0 +1,8 @@
+function time() {
+  return new Date().toLocaleTimeString("en-US", { hour12: false });
+}
+
+const log = (msg) => console.log(`[${time()}] [MITM] ${msg}`);
+const err = (msg) => console.error(`[${time()}] ❌ [MITM] ${msg}`);
+
+module.exports = { log, err };

package/app/src/mitm/manager.js

@@ -5,12 +5,14 @@ const os = require("os");
 const net = require("net");
 const https = require("https");
 const crypto = require("crypto");
-const { addDNSEntry, removeDNSEntry, removeAllDNSEntries, checkAllDNSStatus, executeElevatedPowerShell, TOOL_HOSTS } = require("./dns/dnsConfig");
+const { addDNSEntry, removeDNSEntry, removeAllDNSEntries, checkAllDNSStatus, TOOL_HOSTS } = require("./dns/dnsConfig");
 
 const IS_WIN = process.platform === "win32";
 const { generateCert } = require("./cert/generate");
-const { installCert } = require("./cert/install");
+const { installCert, uninstallCert } = require("./cert/install");
+const { isCertExpired } = require("./cert/rootCA");
 const { MITM_DIR } = require("./paths");
+const { log, err } = require("./logger");
 
 const MITM_PORT = 443;
 const MITM_WIN_NODE_PORT = 8443;
@@ -80,7 +82,7 @@ function isProcessAlive(pid) {
 function killProcess(pid, force = false, sudoPassword = null) {
   if (IS_WIN) {
     const flag = force ? "/F " : "";
-    exec(`taskkill ${flag}/PID ${pid}`, () => { });
+    exec(`taskkill ${flag}/PID ${pid}`, { windowsHide: true }, () => { });
   } else {
     const sig = force ? "SIGKILL" : "SIGTERM";
     const cmd = `pkill -${sig} -P ${pid} 2>/dev/null; kill -${sig} ${pid} 2>/dev/null`;
@@ -140,7 +142,7 @@ async function saveMitmSettings(enabled, password) {
     if (password) updates.mitmSudoEncrypted = encryptPassword(password);
     await _updateSettings(updates);
   } catch (e) {
-    console.log("[MITM] Failed to save settings:", e.message);
+    err(`Failed to save settings: ${e.message}`);
   }
 }
 
@@ -277,8 +279,10 @@ async function getMitmStatus() {
   const dnsStatus = checkAllDNSStatus();
   const rootCACertPath = path.join(MITM_DIR, "rootCA.crt");
   const certExists = fs.existsSync(rootCACertPath);
+  const { checkCertInstalled } = require("./cert/install");
+  const certTrusted = certExists ? await checkCertInstalled(rootCACertPath) : false;
 
-  return { running, pid, certExists, dnsStatus };
+  return { running, pid, certExists, certTrusted, dnsStatus };
 }
 
 async function scheduleMitmRestart(apiKey) {
@@ -288,7 +292,7 @@ async function scheduleMitmRestart(apiKey) {
   if (aliveMs >= MITM_RESTART_RESET_MS) mitmRestartCount = 0;
 
   if (mitmRestartCount >= MITM_MAX_RESTARTS) {
-    console.error("[MITM] Max restart attempts reached. Giving up.");
+    err("Max restart attempts reached. Giving up.");
     return;
   }
 
@@ -297,28 +301,28 @@ async function scheduleMitmRestart(apiKey) {
   mitmRestartCount++;
   mitmIsRestarting = true;
 
-  console.log(`[MITM] Restarting in ${delay / 1000}s... (${mitmRestartCount}/${MITM_MAX_RESTARTS})`);
+  log(`Restarting in ${delay / 1000}s... (${mitmRestartCount}/${MITM_MAX_RESTARTS})`);
   await new Promise((r) => setTimeout(r, delay));
 
   try {
     const settings = _getSettings ? await _getSettings() : null;
     if (settings && !settings.mitmEnabled) {
-      console.log("[MITM] MITM disabled, skipping restart");
+      log("MITM disabled, skipping restart");
       mitmIsRestarting = false;
       return;
     }
     const password = getCachedPassword() || await loadEncryptedPassword();
     if (!password && !IS_WIN) {
-      console.error("[MITM] No cached password, cannot auto-restart");
+      err("No cached password, cannot auto-restart");
       mitmIsRestarting = false;
       return;
     }
     await startServer(apiKey, password);
-    console.log("[MITM] Restarted successfully");
+    log("🔄 Restarted successfully");
     mitmRestartCount = 0;
     mitmIsRestarting = false;
-  } catch (err) {
-    console.error(`[MITM] Restart attempt ${mitmRestartCount}/${MITM_MAX_RESTARTS} failed:`, err.message);
+  } catch (e) {
+    err(`Restart attempt ${mitmRestartCount}/${MITM_MAX_RESTARTS} failed: ${e.message}`);
     mitmIsRestarting = false;
     // Schedule next retry
     scheduleMitmRestart(apiKey);
@@ -335,7 +339,7 @@ async function startServer(apiKey, sudoPassword) {
         const savedPid = parseInt(fs.readFileSync(PID_FILE, "utf-8").trim(), 10);
         if (savedPid && isProcessAlive(savedPid)) {
           serverPid = savedPid;
-          console.log(`[MITM] Reusing existing process PID ${savedPid}`);
+          log(`♻️ Reusing existing process (PID: ${savedPid})`);
           await saveMitmSettings(true, sudoPassword);
           if (sudoPassword) setCachedPassword(sudoPassword);
           return { running: true, pid: savedPid };
@@ -357,7 +361,7 @@ async function startServer(apiKey, sudoPassword) {
     if (portStatus === "in-use" || portStatus === "no-permission") {
       const owner = await getPort443Owner(sudoPassword);
       if (owner && owner.name === "node") {
-        console.log(`[MITM] Killing orphan node process on port 443 (PID ${owner.pid})...`);
+        log(`Killing orphan node process on port 443 (PID ${owner.pid})...`);
         try {
           const { execWithPassword } = require("./dns/dnsConfig");
           await execWithPassword(`kill -9 ${owner.pid}`, sudoPassword);
@@ -372,12 +376,19 @@ async function startServer(apiKey, sudoPassword) {
     }
   }
 
-  // Step 1: Auto-migration - Generate Root CA if not exists
+  // Step 1: Generate Root CA if missing or expired
   const rootCACertPath = path.join(MITM_DIR, "rootCA.crt");
   const rootCAKeyPath = path.join(MITM_DIR, "rootCA.key");
-
-  if (!fs.existsSync(rootCACertPath) || !fs.existsSync(rootCAKeyPath)) {
-    console.log("[MITM] Generating Root CA certificate (first time or migration)...");
+  const certExists = fs.existsSync(rootCACertPath) && fs.existsSync(rootCAKeyPath);
+
+  if (!certExists || isCertExpired(rootCACertPath)) {
+    if (certExists) {
+      // Uninstall expired cert from system store before regenerating
+      log("🔐 Cert expired — uninstalling old cert...");
+      const password = sudoPassword || getCachedPassword() || await loadEncryptedPassword();
+      try { await uninstallCert(password, rootCACertPath); } catch { /* best effort */ }
+    }
+    log("🔐 Generating Root CA...");
     await generateCert();
   }
 
@@ -385,35 +396,42 @@ async function startServer(apiKey, sudoPassword) {
   const { checkCertInstalled } = require("./cert/install");
   const rootCATrusted = await checkCertInstalled(rootCACertPath);
   if (!rootCATrusted) {
-    console.log("[MITM] Installing Root CA to system trust store...");
-    // Use provided password or cached/stored password
+    log("🔐 Cert: not trusted → installing...");
     const password = sudoPassword || getCachedPassword() || await loadEncryptedPassword();
     if (!password && !IS_WIN) {
       throw new Error("Sudo password required to install Root CA certificate");
     }
-    await installCert(password, rootCACertPath);
-    console.log("✅ Root CA installed successfully");
+    try {
+      await installCert(password, rootCACertPath);
+      log("🔐 Cert: ✅ trusted");
+    } catch (e) {
+      throw new Error(`Failed to trust certificate: ${e.message}`);
+    }
+  } else {
+    log("🔐 Cert: already trusted ✅");
   }
 
   // Step 2: Spawn server (Root CA already installed in Step 1.5)
+  log("🚀 Starting server...");
   if (IS_WIN) {
-    const psSQ = (s) => s.replace(/'/g, "''");
-    const nodePs = psSQ(process.execPath);
-    const serverPs = psSQ(SERVER_PATH);
-
-    const psScript = [
-      `$ErrorActionPreference = 'Stop'`,
-      `$conn = Get-NetTCPConnection -LocalPort 443 -State Listen -ErrorAction SilentlyContinue | Select-Object -First 1`,
-      `if ($conn -and $conn.OwningProcess -gt 4) { Stop-Process -Id $conn.OwningProcess -Force -ErrorAction SilentlyContinue }`,
-      `Start-Sleep -Milliseconds 500`,
-      `$nodeCmd = 'set ROUTER_API_KEY=${psSQ(apiKey)}&& set NODE_ENV=production&& "${nodePs}" "${serverPs}"'`,
-      `Start-Process cmd -ArgumentList '/c',$nodeCmd -WindowStyle Hidden`,
-      `Start-Sleep -Milliseconds 500`,
-    ].join("\n");
-
-    const tmpPs1 = path.join(os.tmpdir(), `mitm_start_${Date.now()}.ps1`);
-    fs.writeFileSync(tmpPs1, psScript, "utf8");
-    await executeElevatedPowerShell(tmpPs1, 90000);
+    // Kill any process using port 443 before spawning
+    try {
+      const psKill = `$c = Get-NetTCPConnection -LocalPort 443 -State Listen -ErrorAction SilentlyContinue | Select-Object -First 1; if ($c -and $c.OwningProcess -gt 4) { Stop-Process -Id $c.OwningProcess -Force -ErrorAction SilentlyContinue }`;
+      execSync(`powershell -NonInteractive -WindowStyle Hidden -Command "${psKill}"`, { windowsHide: true });
+      await new Promise(r => setTimeout(r, 500));
+    } catch { /* best effort */ }
+
+    // Spawn directly — process already has admin rights
+    serverProcess = spawn(
+      process.execPath,
+      [SERVER_PATH],
+      {
+        detached: false,
+        windowsHide: true,
+        stdio: ["ignore", "pipe", "pipe"],
+        env: { ...process.env, ROUTER_API_KEY: apiKey, NODE_ENV: "production" },
+      }
+    );
 
     if (_updateSettings) await _updateSettings({ mitmCertInstalled: true }).catch(() => { });
   } else {
@@ -427,26 +445,28 @@ async function startServer(apiKey, sudoPassword) {
     serverProcess.stdin.end();
   }
 
-  if (!IS_WIN && serverProcess) {
+  if (serverProcess) {
     serverPid = serverProcess.pid;
     fs.writeFileSync(PID_FILE, String(serverPid));
     mitmLastStartTime = Date.now();
   }
 
   let startError = null;
-  if (!IS_WIN) {
+  if (serverProcess) {
     serverProcess.stdout.on("data", (data) => {
-      console.log(`[MITM Server] ${data.toString().trim()}`);
+      // server.js already formats its own logs — print as-is
+      process.stdout.write(data);
     });
     serverProcess.stderr.on("data", (data) => {
       const msg = data.toString().trim();
-      if (msg && !msg.includes("Password:") && !msg.includes("password for")) {
-        console.error(`[MITM Server Error] ${msg}`);
+      // Mac/Linux: filter sudo password prompt noise
+      if (msg && (IS_WIN || (!msg.includes("Password:") && !msg.includes("password for")))) {
+        err(msg);
         startError = msg;
       }
     });
     serverProcess.on("exit", (code) => {
-      console.log(`MITM server exited with code ${code}`);
+      log(`Server exited (code: ${code})`);
       serverProcess = null;
       serverPid = null;
       try { fs.unlinkSync(PID_FILE); } catch { /* ignore */ }
@@ -455,19 +475,23 @@ async function startServer(apiKey, sudoPassword) {
     });
   }
 
-  const health = await pollMitmHealth(IS_WIN ? 15000 : 8000, MITM_PORT);
+  const health = await pollMitmHealth(8000, MITM_PORT);
   if (!health) {
-    if (IS_WIN) serverProcess = null;
+    if (serverProcess && !serverProcess.killed) { try { serverProcess.kill(); } catch { /* ignore */ } serverProcess = null; }
     const processUsing443 = getProcessUsingPort443();
     const portInfo = processUsing443 ? ` Port 443 already in use by ${processUsing443}.` : "";
     const reason = startError || `Check sudo password or port 443 access.${portInfo}`;
     throw new Error(`MITM server failed to start. ${reason}`);
   }
 
-  if (IS_WIN && _updateSettings) await _updateSettings({ mitmCertInstalled: true }).catch(() => { });
-  if (IS_WIN && health.pid) {
-    serverPid = health.pid;
-    fs.writeFileSync(PID_FILE, String(serverPid));
+  if (_updateSettings) await _updateSettings({ mitmCertInstalled: true }).catch(() => { });
+
+  log(`✅ Server healthy (PID: ${serverPid || health.pid})`);
+
+  // Log DNS status per tool
+  const dnsStatus = checkAllDNSStatus();
+  for (const [tool, active] of Object.entries(dnsStatus)) {
+    log(`🌐 DNS ${tool}: ${active ? "✅ active" : "❌ inactive"}`);
   }
 
   await saveMitmSettings(true, sudoPassword);
@@ -483,7 +507,7 @@ async function stopServer(sudoPassword) {
   // Prevent auto-restart from triggering on intentional stop
   mitmIsRestarting = true;
   mitmRestartCount = 0;
-  console.log("[MITM] Stopping server...");
+  log("⏹ Stopping server...");
 
   // Kill server process
   const proc = serverProcess;
@@ -492,7 +516,7 @@ async function stopServer(sudoPassword) {
     : (() => { try { return parseInt(fs.readFileSync(PID_FILE, "utf-8").trim(), 10); } catch { return null; } })();
 
   if (pidToKill && isProcessAlive(pidToKill)) {
-    console.log(`Killing MITM server (PID: ${pidToKill})...`);
+    log(`Killing server (PID: ${pidToKill})...`);
     killProcess(pidToKill, false, sudoPassword);
     await new Promise(r => setTimeout(r, 1000));
     if (isProcessAlive(pidToKill)) killProcess(pidToKill, true, sudoPassword);
@@ -501,33 +525,15 @@ async function stopServer(sudoPassword) {
   serverPid = null;
 
   if (IS_WIN) {
-    // Single elevated script: clean DNS + flush — 1 UAC prompt only
+    // Process already has admin rights — edit hosts file directly
     const hostsFile = path.join(process.env.SystemRoot || "C:\\Windows", "System32", "drivers", "etc", "hosts");
-    const psSQ = (s) => s.replace(/'/g, "''");
     const allHosts = Object.values(TOOL_HOSTS).flat();
-
-    let hostsContent = "";
-    try { hostsContent = fs.readFileSync(hostsFile, "utf8"); } catch { /* ignore */ }
-    const filtered = hostsContent.split(/\r?\n/)
-      .filter(l => !allHosts.some(h => l.includes(h)))
-      .join("\r\n");
-    const tmpHosts = path.join(os.tmpdir(), `mitm_hosts_clean_${Date.now()}.tmp`);
-    fs.writeFileSync(tmpHosts, filtered, "utf8");
-
-    const psScript = [
-      `$ErrorActionPreference = 'Stop'`,
-      `try {`,
-      `  Copy-Item -Path '${psSQ(tmpHosts)}' -Destination '${psSQ(hostsFile)}' -Force -ErrorAction Stop`,
-      `  ipconfig /flushdns | Out-Null`,
-      `  Remove-Item '${psSQ(tmpHosts)}' -ErrorAction SilentlyContinue`,
-      `} catch {`,
-      `  Remove-Item '${psSQ(tmpHosts)}' -ErrorAction SilentlyContinue`,
-      `}`,
-    ].join("\n");
-
-    const tmpPs1 = path.join(os.tmpdir(), `mitm_stop_${Date.now()}.ps1`);
-    fs.writeFileSync(tmpPs1, psScript, "utf8");
-    await executeElevatedPowerShell(tmpPs1, 30000);
+    try {
+      const hostsContent = fs.readFileSync(hostsFile, "utf8");
+      const filtered = hostsContent.split(/\r?\n/).filter(l => !allHosts.some(h => l.includes(h))).join("\r\n");
+      fs.writeFileSync(hostsFile, filtered, "utf8");
+      require("child_process").execSync("ipconfig /flushdns", { windowsHide: true });
+    } catch (e) { err(`Failed to clean hosts: ${e.message}`); }
   } else {
     await removeAllDNSEntries(sudoPassword);
   }
@@ -562,6 +568,19 @@ async function disableToolDNS(tool, sudoPassword) {
   return { success: true };
 }
 
+/**
+ * Install Root CA to system trust store (standalone, no server start)
+ */
+async function trustCert(sudoPassword) {
+  const rootCACertPath = path.join(MITM_DIR, "rootCA.crt");
+  if (!fs.existsSync(rootCACertPath)) throw new Error("Root CA not found. Start server first to generate it.");
+  const { installCert } = require("./cert/install");
+  const password = sudoPassword || getCachedPassword() || await loadEncryptedPassword();
+  if (!password && !IS_WIN) throw new Error("Sudo password required to trust certificate");
+  await installCert(password, rootCACertPath);
+  if (password) setCachedPassword(password);
+}
+
 // Legacy aliases for backward compatibility
 const startMitm = startServer;
 const stopMitm = stopServer;
@@ -572,6 +591,7 @@ module.exports = {
   stopServer,
   enableToolDNS,
   disableToolDNS,
+  trustCert,
   // Legacy
   startMitm,
   stopMitm,

package/app/src/mitm/server.js

@@ -3,6 +3,7 @@ const fs = require("fs");
 const path = require("path");
 const dns = require("dns");
 const { promisify } = require("util");
+const { log, err } = require("./logger");
 
 // Allow self-signed certs from MITM root CA when fetching external hosts
 
@@ -25,7 +26,7 @@ const DB_FILE = path.join(DATA_DIR, "db.json");
 const ENABLE_FILE_LOG = false;
 
 if (!API_KEY) {
-  console.error("❌ ROUTER_API_KEY required");
+  err("ROUTER_API_KEY required");
   process.exit(1);
 }
 
@@ -57,11 +58,11 @@ function sniCallback(servername, cb) {
 
     // Cache it
     certCache.set(servername, ctx);
-    console.log(`✅ Generated cert for: ${servername}`);
+    log(`🔐 Cert generated: ${servername}`);
 
     cb(null, ctx);
   } catch (error) {
-    console.error(`❌ SNI error for ${servername}:`, error.message);
+    err(`SNI error for ${servername}: ${error.message}`);
     cb(error);
   }
 }
@@ -79,7 +80,7 @@ try {
     SNICallback: sniCallback
   };
 } catch (e) {
-  console.error(`❌ Root CA not found in ${certDir}: ${e.message}`);
+  err(`Root CA not found in ${certDir}: ${e.message}`);
   process.exit(1);
 }
 
@@ -134,7 +135,13 @@ function getMappedModel(tool, model) {
   try {
     if (!fs.existsSync(DB_FILE)) return null;
     const db = JSON.parse(fs.readFileSync(DB_FILE, "utf-8"));
-    return db.mitmAlias?.[tool]?.[model] || null;
+    const aliases = db.mitmAlias?.[tool];
+    if (!aliases) return null;
+    // Exact match first
+    if (aliases[model]) return aliases[model];
+    // Prefix match fallback: find alias key that starts with model or model starts with key
+    const prefixKey = Object.keys(aliases).find(k => k && aliases[k] && (model.startsWith(k) || k.startsWith(model)));
+    return prefixKey ? aliases[prefixKey] : null;
   } catch {
     return null;
   }
@@ -167,8 +174,8 @@ async function passthrough(req, res, bodyBuffer) {
     forwardRes.pipe(res);
   });
 
-  forwardReq.on("error", (err) => {
-    console.error(`❌ Passthrough error: ${err.message}`);
+  forwardReq.on("error", (e) => {
+    err(`Passthrough error: ${e.message}`);
     if (!res.headersSent) res.writeHead(502);
     res.end("Bad Gateway");
   });
@@ -216,7 +223,7 @@ async function intercept(req, res, bodyBuffer, mappedModel) {
       res.write(decoder.decode(value, { stream: true }));
     }
   } catch (error) {
-    console.error(`❌ ${error.message}`);
+    err(`Intercept error: ${error.message}`);
     if (!res.headersSent) res.writeHead(500, { "Content-Type": "application/json" });
     res.end(JSON.stringify({ error: { message: error.message, type: "mitm_error" } }));
   }
@@ -250,30 +257,34 @@ const server = https.createServer(sslOptions, async (req, res) => {
     if (!isChat) return passthrough(req, res, bodyBuffer);
 
     const model = extractModel(req.url, bodyBuffer);
-    console.log("Extracted model:", model);
+    log(`🔍 model="${model}" url=${req.url}`);
     const mappedModel = getMappedModel(tool, model);
 
-    if (!mappedModel) return passthrough(req, res, bodyBuffer);
+    if (!mappedModel) {
+      log(`⏩ passthrough | no mapping | ${tool} | ${model || "unknown"}`);
+      return passthrough(req, res, bodyBuffer);
+    }
 
+    log(`⚡ intercept | ${tool} | ${model} → ${mappedModel}`);
     return intercept(req, res, bodyBuffer, mappedModel);
-  } catch (err) {
-    console.error(`❌ Unhandled request error: ${err.message}`);
+  } catch (e) {
+    err(`Unhandled request error: ${e.message}`);
     if (!res.headersSent) res.writeHead(500, { "Content-Type": "application/json" });
-    res.end(JSON.stringify({ error: { message: err.message, type: "mitm_error" } }));
+    res.end(JSON.stringify({ error: { message: e.message, type: "mitm_error" } }));
   }
 });
 
 server.listen(LOCAL_PORT, () => {
-  console.log(`🚀 MITM ready on :${LOCAL_PORT}`);
+  log(`🚀 Server ready on :${LOCAL_PORT}`);
 });
 
 server.on("error", (error) => {
   if (error.code === "EADDRINUSE") {
-    console.error(`❌ Port ${LOCAL_PORT} already in use`);
+    err(`Port ${LOCAL_PORT} already in use`);
   } else if (error.code === "EACCES") {
-    console.error(`❌ Permission denied for port ${LOCAL_PORT}`);
+    err(`Permission denied for port ${LOCAL_PORT}`);
   } else {
-    console.error(`❌ ${error.message}`);
+    err(error.message);
   }
   process.exit(1);
 });

package/cli.js

@@ -121,22 +121,20 @@ function killAllAppProcesses() {
       let pids = [];
 
       if (platform === "win32") {
-        // Windows: use tasklist + findstr (works on all Windows versions)
+        // Windows: use WMI to get full CommandLine (tasklist /V doesn't include it)
         try {
-          const output = execSync('tasklist /FO CSV /V 2>nul | findstr /I "node"', {
-            encoding: 'utf8',
-            shell: true,
+          const psCmd = `powershell -NonInteractive -WindowStyle Hidden -Command "Get-WmiObject Win32_Process -Filter 'Name=\\"node.exe\\"' | Select-Object ProcessId,CommandLine | ConvertTo-Csv -NoTypeInformation"`;
+          const output = execSync(psCmd, {
+            encoding: "utf8",
             windowsHide: true,
             timeout: 5000
           });
-          const lines = output.split('\n').filter(l => l.trim());
-
+          const lines = output.split("\n").slice(1).filter(l => l.trim());
           lines.forEach(line => {
             const isAppProcess = line.toLowerCase().includes("9router") ||
               line.toLowerCase().includes("next-server");
             if (isAppProcess) {
-              // CSV format: "name","pid",...
-              const match = line.match(/"node\.exe","(\d+)"/i);
+              const match = line.match(/^"(\d+)"/);
               if (match && match[1] && match[1] !== process.pid.toString()) {
                 pids.push(match[1]);
               }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "9router",
-  "version": "0.3.53",
+  "version": "0.3.55",
   "description": "9Router CLI - Start and manage 9Router server",
   "bin": {
     "9router": "./cli.js"